next generation one time passwords & enhanced authentication · 2016-08-23 · account setup -...
SyferLock Technology’s Grid Data Security™ solutions
Next Generation One Time Passwords &
Enhanced Authentication
© 2007 – 2009 SyferLock Technology Corporation™ All Rights Reserved. System and method U.S. Patented no. 7,143,440 Additional U.S. and Foreign Patents and Patents Pending.
[Figure: the authentication spectrum, from Static/Reusable Password to 2FA / Multi-factor]
_______________________________________
Static / Reusable Passwords and PINs
_______________________________________
At one end of the authentication spectrum you
have reusable passwords that are weak and
vulnerable against the most prevalent and easily
executed attacks.
Attempts to make them “limited time passwords”,
i.e. to expire them every 30, 60 or 90 days, add no real
strength to the threat matrix, but add a real Total
Cost of Ownership (TCO) burden to users and
organizations.
Even with the known weaknesses, static
passwords are the most pervasive form of
authentication for the majority of users.
_______________________________________
2 Factor and/or Multi-Factor
_______________________________________
At the other end of the spectrum you have 2
factor, or what has historically been called strong
authentication.
While delivering increased strength from One
Time Password generation and “having
something”, traditional hardware and the very
nature of the “something you have” unfortunately
create real limitations.
A heavy TCO burden and limited deployment
force organizations to go bare due to budget
constraints, even in the face of the needs and mandates of
regulatory bodies and guidelines (e.g. PCI, SOX,
FFIEC, HIPAA, BASEL).
The challenge also remains to have a secure,
unintrusive “plan B” for lost, stolen, or broken
devices.
The Authentication Spectrum
Utilizing SyferLock’s Approach to Cross and Cover the Authentication Spectrum
The story and problem are enduring for organizations and security-conscious individuals: traditional reusable passwords are at
the “breaking point”, and no one solution seems to be adaptive enough, flexible enough and secure enough to help with the ever
increasing and ever changing business cases and user needs. SyferLock Technology has created one of the most secure,
adaptive and flexible systems to help address the “breaking point”. Key features:
■ Deviceless One Time Password Generation
■ Zero Foot Print – No Additional Client-Side Hardware or Software
■ Greatly Reduced TCO
■ Highly Flexible, Adaptive and Customizable
__________________________________________________________
Filling the Void and Covering the Spectrum
__________________________________________________________
SyferLock Technology’s unique approach and methodology address the large
part of the spectrum between insecure static/reusable passwords and costly,
cumbersome two-factor solutions. SyferLock delivers proven, effective
security through one time passwords or PINs, while allowing IT security a
viable alternative to static passwords delivering greater information access
control.
__________________________________________________________
Unique Features of the Grid Data Security Solution
__________________________________________________________
- Utilizes a user’s existing password and organization’s account directory
- Absolute zero client footprint and deviceless in nature
- Lower TCO and lightweight aspects allow for complete user coverage
- Bolsters and works in conjunction with other factors and security measures
__________________________________________________________
Critical Security Benefits Delivered
__________________________________________________________
Grid’s OTP system eliminates or mitigates the following attacks:
* Key loggers
* Shoulder surfing
* Brute force attacks
* Phishing
* Replay attacks
* Stored browser passwords
* Dictionary attacks
* Password sniffing and interception
__________________________________________
Utilize and Leverage the Existing Password
__________________________________________
Grid starts with the first factor! Leverage the pervasive use of passwords. It is estimated that 99% of all authentications use
static passwords or PINs. Another estimate shows that 95% of authentications use only the first factor of static passwords/PINs.
Take the familiarity of a static password, allow the user to continue its use, but now use Grid’s innovative system to convert the
static password to a dynamic One Time Password consisting of a randomly changing string of numbers.
Grid accomplishes this One Time Password by the power and process of simple substitution. At log-in, substitute the real
password with randomly changing numbers! A substitution cipher with the strength of one-to-many. It starts with a single cell
that contains a letter or character (or the possibility of any other password character from which users can construct their
passwords). Each character has a number (or cryptogram) that sits in each of the four corners of the cell. These cryptograms
change at every login or at every screen, UI or page refresh (see the figures below). In addition, the cryptograms are fully
customizable from the value they display to where they are displayed (i.e. Corner or Position - North, South, East and West).
The Patented Approach & Methodology
Next Generation One Time Passwords & Enhanced Authentication
SyferLock Technology delivers a family of patented products offering a paradigm shifting approach to next generation One Time
Passwords (OTPs) and access to computers, networks and the internet. SyferLock has engineered an enhanced authentication
methodology and system providing deviceless OTPs, giving users a simple, more secure way to access information by
leveraging their existing passwords.
Our solutions deliver unparalleled flexibility, allowing for diverse and evolving authentication needs. The zero
footprint aspect provides deviceless One Time Password generation without any extra client-side hardware or
software – ANYWHERE, ANY MACHINE, MORE SECURELY™. Finally, the methodology allows the creation of a layered
approach to current authentication processes: stand alone, or used in conjunction with other factors.
[Figures: the security grid at Login 1, Login 2, Login 3…]
__________________________________________________
Account Setup - A Simple 2 Step Process
__________________________________________________
Step 1: The user will enter their existing domain password.
Step 2: The user now chooses which corner to use for substitution at login.
___________________________________________________
User’s Reusable Password becomes a One Time Password
___________________________________________________
At login, users simply refer to the security grid user interface [1]. Looking at the keys corresponding to the characters of their
password and the selected target corner, the user enters the number shown in the target corner of each key as their GridCode. Upon every
refresh and/or new login, the corner numbers randomly change, creating a new one-time password.
[1] The grid user interface can be completely customized through MyGrid™ technology,
allowing a wide variety of layouts, designs, and languages and/or character sets.
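A minimal sketch of the substitution and login check described above, as an added example that is not SyferLock's code. It assumes four corners labelled NW/NE/SW/SE, one random digit 0-9 per corner, a lowercase-plus-digits character set, and a server that recomputes the expected GridCode from the stored password and target corner; the page specifies none of these details.

```python
import hmac
import secrets
import string

CORNERS = ("NW", "NE", "SW", "SE")                 # assumed corner labels
ALPHABET = string.ascii_lowercase + string.digits  # assumed character set


def new_grid(rng=None):
    """Draw a fresh random digit for each corner of each cell (one grid per login)."""
    rng = rng or secrets.SystemRandom()
    return {ch: {c: str(rng.randrange(10)) for c in CORNERS} for ch in ALPHABET}


def grid_code(grid, password, corner):
    """What the user types: the target-corner digit of each password character."""
    return "".join(grid[ch][corner] for ch in password)


def verify(grid, password, corner, submitted):
    """Server side (assumed): recompute the code for the grid issued to this login."""
    expected = grid_code(grid, password, corner)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def candidates(grid, submitted, corner):
    """One-to-many: for each typed digit, every character showing it in that corner."""
    return [sorted(ch for ch in ALPHABET if grid[ch][corner] == d) for d in submitted]


if __name__ == "__main__":
    password, corner = "s3cret", "SE"   # constructed sample credentials
    login1, login2 = new_grid(), new_grid()
    code = grid_code(login1, password, corner)
    print("GridCode at login 1:", code)
    print("accepted at login 1:", verify(login1, password, corner, code))
    # A captured code only matches a later grid by chance (1 in 10**6 for six characters).
    print("accepted at login 2:", verify(login2, password, corner, code))
    print("characters sharing each typed digit:",
          [len(c) for c in candidates(login1, code, corner)])
```

With 36 characters and 10 digits, each typed digit is shared by several cells on average, which is the one-to-many property the text refers to.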
Tuneable, Adaptive and Flexible Security
Next Generation One Time Passwords & Enhanced Authentication
GridAdvanced™ Security Grid UI
The GridAdvanced solution allows greater endpoint security by offering a wide array of security features to its users.
GridBasic™ Security Grid UI (shared corner version shown)
The GridBasic solution delivers key security benefits while making its integration and deployment straightforward and unintrusive.
EFFECTIVE SECURITY AGAINST / KEY FEATURE(S)
GridAdvanced™
Effective security against: Key Logging, Shoulder Surfing, Replay, Stored Browser Information, Session capture/observation, Brute Forcing
Key feature(s):
- Advanced feature possibilities
- Unparalleled zero footprint security
- Endpoint security benefits
GridBasic™
Effective security against: Key Logging, Shoulder Surfing, Replay, Stored Browser Information, Brute Forcing
Key feature(s):
- Ease of Integration
Grid2Form™
Effective security against: Key Logging, Shoulder Surfing, Replay, Stored Browser Information, Brute Forcing
Key feature(s):
- Offers two vectors of security
- Improves the security of static PINs
Grid2Form™ Security Grid UI
The Grid2Form solution allows two vectors to be utilized, leveraging the user’s password coupled with a one time PIN. Ideal for where PINs are used but enhanced security is warranted.
Completely Customizable for Optimal User Experience
Next Generation One Time Passwords & Enhanced Authentication
[Figures: Alpha Landscape Security Grid UI, Alpha Number Pad Security Grid UI, QWERTY Security Grid UI]
[Figures: Greek Security Grid UI, Arabic Security Grid UI, Japanese Security Grid UI]
Securing Your Future with GridGuard Authentication System
Do you truly know who's accessing your information?
Unfortunately, security that leverages static, reusable passwords has proven easy for hackers to beat.
As more and more individuals leverage the flexibility of doing business (professionally and personally) from remote
locations, reliable and secure application access is essential. The GridGuard™ authentication system can provide
this reliability and security as it is based upon something you know (a password) and something you know (a target corner or
position), providing a more reliable level of user authentication than a static or reusable password. By converting your
existing password into a secure one-time password (OTP), remote users will be protected against many common security threats.
- Secure one-time password that changes at every login
- Anomaly detection through Account History
- Self Service approach providing significant decrease in help desk/support calls
SyferLock offers enterprises a range of user authentication options, helping to identify users before they interact with mission-
critical data and applications through Remote Authentication (SSL VPN), Intranets & extranets, E-mail, Microsoft Windows
Desktops, GridGuard Services (SDK, custom integrations).
SyferLock Technology Products (as of April 2009)
Enhancing the Security of Key Applications
Product / Description
GridOne™
The GridOne™ solution works within the guidelines of a portal environment, providing organizations a solution that is
easy to deploy and administer. With GridOne™, no interaction with a desktop is required, that is, no need for an
install and therefore no client-side software maintenance. Equally important, there are no tokens to manage. GridOne™
is a device-less solution where authentication can occur from anywhere a web URL is available.
GridGuard™
The GridGuard technology provides enhanced authentication for Remote Access, Outlook Web Access and
SharePoint. Some of the supported remote access solutions include Juniper SA SSL VPN, AEP Netilla, Citrix Access
Gateway, Connectra – Checkpoint and others. For further details on the solutions that GridGuard™ supports, contact
SyferLock directly.
GridPro™
GridPro™ offers enterprises a solution for the personal computer leveraging a Microsoft Windows® operating system
platform. This solution consists of a login application (replacing the standard Windows login) that presents a user with
a Grid for authentication.
Grid Services
SyferLock offers a Software Developers Kit (SDK). For those organizations where resources (time/people)
are limited, so that developing off of the SDK is not an option, SyferLock can provide that service (customized solution).
Custom solutions include, but are not limited to, JAAS, Servlet Filters and many more. For further details on our Grid
Services, contact SyferLock directly.
Grid2Go™
Grid2Go is a two-factor authentication system based on SyferLock’s patented authentication system and methodology.
The system leverages current-generation “smart” mobile devices such as the Blackberry and iPhone as the second
factor in the authentication process.
SYSTEM REQUIREMENTS
Component / Memory / Disk Space / Additional Considerations
Grid Server
Memory / Disk Space: 1GB Min 500 MB
Additional considerations: Can reside on existing hardware, with the Grid Web Server, virtual image, etc.
Grid Web Server
Memory / Disk Space: 500 MB Min 200 MB
Additional considerations: Can reside on existing Grid Server, Web Server, virtual image, etc.
LDAP Proxy
Memory / Disk Space: 500 MB Min 50 MB
Additional considerations: Can reside on existing Grid Server, Web Server, virtual image, etc.
User Directory
Memory / Disk Space: ___ ___
Additional considerations: Reference the supporting documentation for system requirements.
Database (Login)
Memory / Disk Space: ___ ___
Additional considerations: Reference the supporting documentation for system requirements.
* JAVA platform is J2EE compliant
PLATFORM SUPPORT
Platform: .Net, Java
Operating System (32 or 64 bit support): Windows Server 2003; Windows Server 2008; Linux; UNIX (Solaris, AIX, HPUX)
Application/Web Server: IIS 6.0; ISA 6.0; Weblogic 9x; Websphere 6x; JBOSS 4x; Tomcat 6.x
Framework: Microsoft .net Framework 2.0 or greater; Java Runtime Environment 1.5 or greater
Database: SQL Server 2005; SQL Server 2008; MySQL; SQL Express; Oracle 10g; Oracle 11g; DB2 8.2; DB2 9.x
Authentication Support / User Store: LDAP; Active Directory; IBM Directory Services / Tivoli Directory Services; Postgres 2.5 or greater
Browser: IE 6.0 or greater; Firefox 3.x; Chrome
SyferLock Technology Corporation
Company & Contact Information
_______________________________
SyferLock Technology Corporation
_______________________________
250 Pequot Avenue
Southport, CT 06890 USA
Phone 203-292-6268
Fax 203-292-5440
Email [email protected]
www.SyferLock.com & www.GridDataSecurity.com